
Re: /var/log on Debian systems



thus spoke Santiago Vila <sanvila@unex.es> [2004.12.14.0137 +0100]:
> No, not again. Please google a little bit more before proposing
> things. For example, read the complete logs for Bug #35504.

I read the complete log, and I read the thread at
http://lists.debian.org/debian-policy/2000/01/msg00273.html

However, where's the consensus? Having 2775:root:adm is stupid,
I agree. But where's the real argument against 2755:root:adm?

It seems that Debian wants to take the "allow everything unless
prohibited" approach to log files. The common approach given today's
security requirements is the opposite, "allow nothing unless
permitted".

If Debian wants to go the first path, why not enable the standard
inetd services throughout, to give just one example? Why not turn
off rp_filter? Why not add every new user to the staff group? Why
not make new home directories 775?

Sorry, but I truly do not see a "consensus" here.

-- 
Please do not send copies of list mail to me; I read the list!
 
 .''`.     martin f. krafft <madduck@debian.org>
: :'  :    proud Debian developer, admin, user, and author
`. `'`
  `-  Debian - when you have better things to do than fixing a system
 
Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!
